Web, Video, Design, Photography, Development and all things OpenSource.


Tag Archives: howto

Making website more mobile friendly – Google article on how to make your website more friendly for those people browsing using a mobile phone. This article from Google looks at both SmartPhones and traditional mobile phones (using WAP, etc.). It then talks about how Googlebot-Mobile trawls your website and the user-agent strings that help it ascertain the information required for mobile phones. The format used being:

Top things to do to secure your Joomla website

Updated: 3/2/2011 (you can now download and view this as a checklist document for your reference and guidance)

Here’s my list of the top things to do to make sure that you’re not leaving security vulnerabilities in your Joomla website and that it runs smoothly each and every day…

FIRSTLY MAKE SURE YOU ARE RUNNING THE LATEST RELEASED VERSION OF JOOMLA. Login to your Joomla site and look at the version number. If you are not running the latest version, download it and update your site straight away! At the time of writing this (Feb 2011) there are two major versions of Joomla: 1.6, the brand new release, and version 1.5.xx. If your site is using a 1.5.xx version make sure you upgrade to the latest version in that range e.g. 1.5.xx to 1.5.xx – do not jump to version 1.6 without a lot of testing and looking at the implications of doing so!

Create a spreadsheet grid showing all your Joomla websites against modules / version installed in each site with dates and links to latest versions (this should be reviewed and signed off every month)

Delete the Administrator account and create an account within each site with Super Administrator rights – use a different user account for each site in case one site gets hacked. Create the Super Administrator account before you logout (having deleted the original Administrator account) – for obvious reasons – you don’t want to lock yourself out!

Verify that your DATABASE password is not the same as your ADMINISTRATOR password. The database password is the password you chose when you first installed Joomla and went through the wizard to install the MYSQL database. It’s important that the Joomla Administrator password is not the same. Use an FTP client to login to your website, navigate to the ROOT directory of your site, and view the CONFIGURATION.PHP file. Look for the line that starts “var $password = ”. Check this password is NOT the same as the password you have just used to login as administrator. If it is the same CHANGE YOUR ADMINISTRATOR PASSWORD NOW! You can also check that your “var $dbprefix = ” line is NOT SET TO ‘jos_’ (see my first tip here about renaming this prefix with the EASYSQL product).

Change the default editor to NONE and manually add the Tiny Editor to all those named users you want to use the full editor. This way the default users will not be able to use the full editor.

Enable SEF from the control panel. This will create nice URLs that are search engine friendly AND it will stop hackers from searching GOOGLE for index.php?com_<modulename> and getting a list of all websites that use a certain module that has a security issue. After you switch on SEF under the control panel, check that the links on your site are now using proper SEO friendly links rather than the older links.

Disable ALL unused Joomla core modules/components and extensions in each site

Uninstall all 3rd party modules that are not being used on each site

Use an exploit and vulnerability site like inj3ct0r (http://inj3ct0r.com) to see if there have been any security issues with any of your third party modules. Go to that website and type in the name of the component to see if there are any issues. Then check the version number returned and that your site is above that version. Also check the third party component’s own site for updates that fix the reported issues.

Make sure that the admin database MySQL account password is not the same as the Joomla site login

Check the version of PHP your site is currently running. You need to have version 5.x installed. Login to your site and select HELP -> SYSTEM INFO. Look for PHP Version. It should say something like 5.2.xx. If you are still using PHP version 4.x on your site you need to upgrade the PHP for your site. This can usually be done via CPANEL or by contacting your ISP via their support system.

Make sure that each site’s configuration.php is set to READ ONLY once we have it set

Ensure that the Joomla installation folder is deleted for each site

Make sure that every third party module and component has the correct PHP coding structure at the top of the file:

// no direct access
defined('_JEXEC') or die('Restricted access');

This will check and use the built in Joomla security which is the official method for security with Joomla websites. To do this you will have to login to your site using an FTP client and look at each third party component.

Make sure the .htaccess file in the root of each site is set correctly – this means renaming ‘htaccess.txt’ to ‘.htaccess’ on Apache servers and uncommenting code within the file that stops XML access issues. Please note that .htaccess is usually marked as a hidden file, so you may need to set an option in your FTP client to view hidden files on your site. You should also add ‘IndexIgnore *’ (without the speechmarks and capitalised as shown) to the bottom of the .htaccess file.
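The file-level items in this checklist (the dbprefix, read-only configuration.php, the installation folder, .htaccess with IndexIgnore, and the _JEXEC guard) can be checked in one pass over a local copy of a site. The script below is an added example, not part of the original checklist or of Joomla itself; the folder names "installation", "components", "modules" and "plugins" are assumptions about the site layout, and the sample site is constructed for the demonstration.

```python
import re
import stat
import tempfile
from pathlib import Path

# Matches the guard line from the checklist, tolerating spacing and quote style.
GUARD = re.compile(r"defined\s*\(\s*['\"]_JEXEC['\"]\s*\)\s*or\s+die", re.I)
PREFIX = re.compile(r"\$dbprefix\s*=\s*['\"]([^'\"]*)['\"]")
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def audit_site(root):
    """Return checklist findings for one site root (empty list = all passed)."""
    root, findings = Path(root), []
    cfg = root / "configuration.php"
    if not cfg.is_file():
        findings.append("configuration.php not found")
    else:
        m = PREFIX.search(cfg.read_text(errors="replace"))
        if m and m.group(1) == "jos_":
            findings.append("dbprefix is still jos_")
        if cfg.stat().st_mode & WRITE_BITS:
            findings.append("configuration.php is writable")
    if (root / "installation").is_dir():  # assumed name of the installer folder
        findings.append("installation folder still present")
    ht = root / ".htaccess"
    if not ht.is_file():
        findings.append(".htaccess missing")
    elif "IndexIgnore *" not in [l.strip() for l in ht.read_text(errors="replace").splitlines()]:
        findings.append(".htaccess lacks IndexIgnore *")
    for sub in ("components", "modules", "plugins"):  # assumed extension folders
        for php in sorted(root.glob(sub + "/**/*.php")):
            if not GUARD.search(php.read_text(errors="replace")[:2048]):
                findings.append("no _JEXEC guard: " + php.relative_to(root).as_posix())
    return findings

def build_sample_site():
    """Constructed sample site with deliberate problems (not real data)."""
    root = Path(tempfile.mkdtemp())
    (root / "installation").mkdir()
    (root / "components" / "com_demo").mkdir(parents=True)
    (root / "configuration.php").write_text("<?php\nclass JConfig { var $dbprefix = 'jos_'; }\n")
    (root / "components" / "com_demo" / "demo.php").write_text("<?php\necho 'hello';\n")
    return root

if __name__ == "__main__":
    for finding in audit_site(build_sample_site()):
        print(finding)
```

A file flagged for a missing guard still needs a manual look, since the script only searches the first 2048 characters for this one guard pattern.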


Google used to group the options from the search sidebar so you can quickly find the filters related to location, visited pages and the different ways to present search results. All these groups have been merged and Google only kept the group that lets you restrict the results to recent web pages. Google also removed the “related searches” view which showed a list of related searches at the top of the page and allowed you to compare the results for different searches.

The more interesting options now available include:

Wonder Wheel

A kind of mindmap of your search with links that you can follow easily with related information on the right hand side of the search window. Good option for drilling down into information or looking at the search in a different way.

Timeline

The Timeline search view shows a graph of your search term over time with key dates and events. You can see from this view the popularity of the search over a period of time. You can also click into the various date segments and drill down further into the information.

As you drill down into each segment, it expands to show a more detailed timeline of the search term. Again you can drill down even further. Good for finding date related search information.


Some of my general notes about producing screencasting videos for YouTube, etc. using CamStudio and other products. There are settings at the bottom that describe the best settings for CamStudio and sending screencasts to YouTube.

I really like Screenr. If you haven’t tried it out yet, you should give it a whirl. Here’s what I like best:

* Screenr is super easy to use and there’s nothing to download. You just click the record button on the website and you’re recording your screen activity and your narration.

* The image quality is pretty darn good. You can even watch the screencasts back at HD-quality and they look great.

* Screenr gives you multiple ways to use your screencasts. It works with Twitter and the screencasts play as Flash on the web. You can also upload the screencasts to YouTube. And you can even download the videos as MP4 files. They also look nice on the iPhone. All these options give you a number of ways to reach your learners.

* My favorite…there’s no branding on the downloaded MP4 files. Since you can download the videos, you’re free to use them as you wish. That means you can use it in your elearning courses without looking like one of those MLS soccer players. Go Sounders!